Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13543 | 1 Webkitgtk | 1 Webkitgtk | 2022-05-10 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2020-25648 | 4 Fedoraproject, Mozilla, Oracle and 1 more | 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | |||||
| CVE-2020-8277 | 4 C-ares Project, Fedoraproject, Nodejs and 1 more | 8 C-ares, Fedora, Node.js and 5 more | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. | |||||
| CVE-2022-22519 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. | |||||
| CVE-2022-29555 | 1 Northern.tech | 1 Mender | 2022-05-10 | 6.8 MEDIUM | 8.8 HIGH |
| The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking. | |||||
| CVE-2022-21949 | 1 Opensuse | 1 Open Build Service | 2022-05-10 | 9.0 HIGH | 8.8 HIGH |
| A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | |||||
| CVE-2022-23063 | 1 Shopizer | 1 Shopizer | 2022-05-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. | |||||
| CVE-2022-1554 | 1 Clinical-genomics | 1 Scout | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | |||||
| CVE-2022-29265 | 1 Apache | 1 Nifi | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: - EvaluateXPath - EvaluateXQuery - ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. | |||||
| CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | |||||
| CVE-2021-38448 | 1 Trane | 6 Ascend Air-cooled Chiller Acr, Intellipak 1, Intellipak 2 and 3 more | 2022-05-10 | 4.6 MEDIUM | 7.6 HIGH |
| The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | |||||
| CVE-2021-40142 | 1 Opcfoundation | 1 Local Discover Server | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | |||||
| CVE-2022-26665 | 1 Tylertech | 1 Odyssey Portal | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records. | |||||
| CVE-2022-23400 | 1 Accusoft | 1 Imagegear | 2022-05-10 | 5.8 MEDIUM | 7.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-28590 | 1 Pixelimity | 1 Pixelimity | 2022-05-09 | 6.5 MEDIUM | 7.2 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | |||||
| CVE-2022-22368 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Scale, Linux Kernel and 1 more | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. | |||||
| CVE-2021-40822 | 1 Osgeo | 1 Geoserver | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | |||||
| CVE-2021-36784 | 1 Suse | 1 Rancher | 2022-05-09 | 6.5 MEDIUM | 7.2 HIGH |
| A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | |||||
| CVE-2021-4200 | 1 Suse | 1 Rancher | 2022-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | |||||
| CVE-2022-22781 | 1 Zoom | 1 Meetings | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. | |||||
| CVE-2022-29585 | 1 Mahara | 1 Mahara | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | |||||
| CVE-2022-27905 | 1 Controlup | 1 Controlup | 2022-05-09 | 9.0 HIGH | 7.2 HIGH |
| In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | |||||
| CVE-2022-29970 | 1 Sinatrarb | 1 Sinatra | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | |||||
| CVE-2022-0952 | 1 Sitemap Project | 1 Sitemap | 2022-05-09 | 6.8 MEDIUM | 8.8 HIGH |
| The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog. | |||||
| CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | |||||
| CVE-2022-20743 | 1 Cisco | 1 Firepower Management Center | 2022-05-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | |||||
| CVE-2021-42218 | 1 Rice | 1 Open Motion Planning Library | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| OMPL v1.5.2 contains a memory leak in VFRRT.cpp | |||||
| CVE-2021-43939 | 1 Smartptt | 1 Smartptt Scada | 2022-05-09 | 9.0 HIGH | 8.8 HIGH |
| Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. | |||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2022-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | |||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2022-22834 | 1 Overit | 1 Geocall | 2022-05-09 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution. | |||||
| CVE-2021-33034 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2022-05-08 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. | |||||
| CVE-2021-41819 | 6 Debian, Fedoraproject, Opensuse and 3 more | 9 Debian Linux, Fedora, Factory and 6 more | 2022-05-08 | 5.0 MEDIUM | 7.5 HIGH |
| CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | |||||
| CVE-2022-29536 | 2 Fedoraproject, Gnome | 2 Fedora, Epiphany | 2022-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | |||||
| CVE-2022-24828 | 3 Fedoraproject, Getcomposer, Tenable | 3 Fedora, Composer, Tenable.sc | 2022-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | |||||
| CVE-2022-21703 | 3 Fedoraproject, Grafana, Netapp | 3 Fedora, Grafana, E-series Performance Analyzer | 2022-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2021-33436 | 2 Microsoft, Nomachine | 2 Windows, Nomachine | 2022-05-07 | 6.2 MEDIUM | 7.3 HIGH |
| NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. | |||||
| CVE-2022-24879 | 1 Shopware | 1 Shopware | 2022-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. | |||||
| CVE-2021-27229 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2022-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | |||||
| CVE-2022-28060 | 1 Victor Cms Project | 1 Victor Cms | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. | |||||
| CVE-2022-27340 | 1 Mingsoft | 1 Mcms | 2022-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. | |||||
| CVE-2022-1509 | 1 Hestiacp | 1 Control Panel | 2022-05-06 | 9.0 HIGH | 8.8 HIGH |
| Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | |||||
| CVE-2021-3523 | 1 Redhat | 1 Apicast | 2022-05-06 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | |||||
| CVE-2022-22278 | 1 Sonicwall | 98 Nsa 2650, Nsa 2650 Firmware, Nsa 2700 and 95 more | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack | |||||
| CVE-2022-29505 | 1 Linecorp | 1 Line | 2022-05-06 | 4.4 MEDIUM | 7.8 HIGH |
| Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. | |||||
| CVE-2021-26629 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2022-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’. | |||||
| CVE-2022-23942 | 1 Apache | 1 Doris | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. | |||||
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2022-05-06 | 9.0 HIGH | 8.8 HIGH |
| In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | |||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2022-1441 | 1 Gpac | 1 Gpac | 2022-05-05 | 6.8 MEDIUM | 7.8 HIGH |
| MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | |||||